CNNVD-202512-697 Information

CNNVD ID

CNNVD-202512-697

Related CVE

CVE-2025-66270

• CNNVD Published: 2025-12-05

Description (Chinese)

KDE Connect是KDE社区的一个连接手机和电脑的软件。 KDE Connect 2025-11-28之前版本存在安全漏洞，该漏洞源于未关联设备ID，可能影响多个平台的KDE Connect客户端。

Description (English)

KDE Connect is a software that connects mobile phones and computers to the KDE community. There is a security loophole in the pre-KConnect 2025-11-28 version, which originates from unconnected device ID and may affect the KDE Connect client on multiple platforms.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

KDE

Published

2025-12-05

Last Modified

2026-02-24

References

https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080 https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9 https://kde.org/info/security/advisory-20251128-1.txt https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3 https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e https://vigilance.fr/vulnerability/KDE-Connect-user-access-via-Handshake-Device-ID-Validation-48878

Patch

https://kdeconnect.kde.org/download.html